Re: capturing multiple packets

[Guy Harris <guy () alum mit edu>]

On Apr 7, 2010, at 11:52 PM, Vlabs .C wrote:

> i am developing a small sniffer using libpcap API's. I want to capture,
> process ARP, IP and TCP packets at a time. Right now I am not able find how
> to do it using pcap_compile to capture more than one type of packet at a
> time.

        "arp or ip"

is the filter to pass to pcap_compile() in that case (TCP packets *are* IP packets).

If you want to capture both IPv4 and IPv6, do

        "arp or ip or ip6"-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.